GLSA-200604-10 : zgv, xzgv: Heap overflow

NASLDB: GLSA-200604-10 : zgv, xzgv: Heap overflow

General

ID: 21256
Name: GLSA-200604-10 : zgv, xzgv: Heap overflow

Summary: Checks for updated package(s) in /var/db/pkg

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –

Port: 0
Family: Gentoo Local Security Checks
Type: Local

Description

The remote host is affected by the vulnerability described in GLSA-200604-10
(zgv, xzgv: Heap overflow)

Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate
insufficient memory when rendering images with more than 3 output
components, such as images using the YCCK or CMYK colour space. When
xzgv or zgv attempt to render the image, data from the image overruns a
heap allocated buffer.

Impact :

An attacker may be able to construct a malicious image that executes
arbitrary code with the permissions of the xzgv or zgv user when
attempting to render the image.

Workaround :

There is no known workaround at this time.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2006-1060
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2006/04/07
Patch Release: 2006/04/21
Plugin Release: 2006/04/21

Plugin

Version: 1.10
Filename: gentoo_GLSA-200604-10.nasl
Filesize: 3816 bytes
MD5 Hash: 326b28f0a63523b8b30e570b6b3d4d84

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG